ronin-app 0.1.0.rc1
- checksums.yaml +7 -0
- data/.dockerignore +3 -0
- data/.document +6 -0
- data/.env.dev +1 -0
- data/.github/workflows/ruby.yml +44 -0
- data/.gitignore +16 -0
- data/.rspec +1 -0
- data/.rubocop.yml +26 -0
- data/.ruby-version +1 -0
- data/.yardopts +1 -0
- data/CONTRIBUTING.md +34 -0
- data/COPYING.txt +661 -0
- data/ChangeLog.md +38 -0
- data/Dockerfile +27 -0
- data/Gemfile +61 -0
- data/Procfile +2 -0
- data/Procfile.dev +2 -0
- data/README.md +215 -0
- data/Rakefile +44 -0
- data/app/db.rb +680 -0
- data/app/scanning.rb +173 -0
- data/app.rb +372 -0
- data/bin/ronin-app +34 -0
- data/config/database.rb +17 -0
- data/config/puma.rb +24 -0
- data/config/redis.rb +4 -0
- data/config/sidekiq.rb +23 -0
- data/config/sidekiq.yml +12 -0
- data/config.ru +33 -0
- data/docker-compose.yml +45 -0
- data/etc/systemd/user/ronin-app-sidekiq.1.service +17 -0
- data/etc/systemd/user/ronin-app-web.1.service +18 -0
- data/etc/systemd/user/ronin-app.target +5 -0
- data/gemspec.yml +55 -0
- data/lib/middleware/sidekiq/active_record_connection_pool.rb +47 -0
- data/lib/ronin/app/cli.rb +197 -0
- data/lib/ronin/app/helpers/html.rb +71 -0
- data/lib/ronin/app/root.rb +28 -0
- data/lib/ronin/app/schemas/params_schema.rb +66 -0
- data/lib/ronin/app/schemas/payloads/build_schema.rb +56 -0
- data/lib/ronin/app/schemas/payloads/encoders/encode_schema.rb +60 -0
- data/lib/ronin/app/types/import.rb +35 -0
- data/lib/ronin/app/types/nmap.rb +81 -0
- data/lib/ronin/app/types/spider.rb +49 -0
- data/lib/ronin/app/types/vulns.rb +69 -0
- data/lib/ronin/app/types.rb +66 -0
- data/lib/ronin/app/validations/import_params.rb +71 -0
- data/lib/ronin/app/validations/install_repo_params.rb +78 -0
- data/lib/ronin/app/validations/masscan_params.rb +122 -0
- data/lib/ronin/app/validations/nmap_params.rb +183 -0
- data/lib/ronin/app/validations/recon_params.rb +86 -0
- data/lib/ronin/app/validations/spider_params.rb +103 -0
- data/lib/ronin/app/validations/vulns_params.rb +83 -0
- data/lib/ronin/app/version.rb +26 -0
- data/log/.gitkeep +0 -0
- data/man/ronin-app.1 +63 -0
- data/man/ronin-app.1.md +61 -0
- data/public/images/favicon.png +0 -0
- data/public/images/favicon.svg +78 -0
- data/public/images/logo.svg +78 -0
- data/public/images/sidekiq.svg +24 -0
- data/public/javascript/app.js +60 -0
- data/public/javascript/notes.js +28 -0
- data/public/javascript/tabs.js +40 -0
- data/public/stylesheets/app.css +216 -0
- data/public/stylesheets/bulma.min.css +1 -0
- data/ronin-app.gemspec +63 -0
- data/scripts/console +7 -0
- data/scripts/server +134 -0
- data/scripts/setup +447 -0
- data/scripts/update +55 -0
- data/tmp/.gitkeep +0 -0
- data/views/_authors.erb +62 -0
- data/views/_delete.erb +4 -0
- data/views/_delete_all.erb +4 -0
- data/views/_encoding_tabs.erb +25 -0
- data/views/_notes.erb +33 -0
- data/views/_pagination.erb +1 -0
- data/views/_param_fields.erb +66 -0
- data/views/_params.erb +35 -0
- data/views/about.erb +30 -0
- data/views/db/advisories/index.erb +30 -0
- data/views/db/advisories/show.erb +105 -0
- data/views/db/asns/index.erb +19 -0
- data/views/db/asns/show.erb +61 -0
- data/views/db/credentials/index.erb +30 -0
- data/views/db/credentials/show.erb +51 -0
- data/views/db/email_addresses/index.erb +30 -0
- data/views/db/email_addresses/show.erb +44 -0
- data/views/db/host_names/index.erb +30 -0
- data/views/db/host_names/show.erb +52 -0
- data/views/db/ip_addresses/index.erb +19 -0
- data/views/db/ip_addresses/show.erb +98 -0
- data/views/db/mac_addresses/index.erb +19 -0
- data/views/db/mac_addresses/show.erb +62 -0
- data/views/db/open_ports/index.erb +19 -0
- data/views/db/open_ports/show.erb +87 -0
- data/views/db/organizations/departments/show.erb +82 -0
- data/views/db/organizations/index.erb +28 -0
- data/views/db/organizations/members/show.erb +87 -0
- data/views/db/organizations/show.erb +111 -0
- data/views/db/oses/index.erb +19 -0
- data/views/db/oses/show.erb +46 -0
- data/views/db/passwords/index.erb +30 -0
- data/views/db/passwords/show.erb +52 -0
- data/views/db/people/index.erb +31 -0
- data/views/db/people/show.erb +120 -0
- data/views/db/phone_numbers/index.erb +30 -0
- data/views/db/phone_numbers/show.erb +63 -0
- data/views/db/ports/index.erb +30 -0
- data/views/db/ports/show.erb +70 -0
- data/views/db/services/index.erb +30 -0
- data/views/db/services/show.erb +65 -0
- data/views/db/software/index.erb +19 -0
- data/views/db/software/show.erb +52 -0
- data/views/db/software_vendors/index.erb +19 -0
- data/views/db/software_vendors/show.erb +36 -0
- data/views/db/street_addresses/index.erb +19 -0
- data/views/db/street_addresses/show.erb +63 -0
- data/views/db/url_query_param_names/index.erb +19 -0
- data/views/db/url_query_param_names/show.erb +50 -0
- data/views/db/url_schemes/index.erb +19 -0
- data/views/db/url_schemes/show.erb +36 -0
- data/views/db/urls/index.erb +30 -0
- data/views/db/urls/show.erb +103 -0
- data/views/db/user_names/index.erb +30 -0
- data/views/db/user_names/show.erb +48 -0
- data/views/db/vulns/index.erb +19 -0
- data/views/db/vulns/show.erb +104 -0
- data/views/db.erb +152 -0
- data/views/exploits/index.erb +9 -0
- data/views/exploits/show.erb +100 -0
- data/views/import.erb +30 -0
- data/views/index.erb +7 -0
- data/views/layout.erb +98 -0
- data/views/masscan.erb +459 -0
- data/views/nmap.erb +1009 -0
- data/views/payloads/build.erb +19 -0
- data/views/payloads/encoders/encode.erb +35 -0
- data/views/payloads/encoders/index.erb +9 -0
- data/views/payloads/encoders/show.erb +47 -0
- data/views/payloads/index.erb +9 -0
- data/views/payloads/show.erb +47 -0
- data/views/queue.erb +28 -0
- data/views/recon.erb +55 -0
- data/views/repos/index.erb +30 -0
- data/views/repos/install.erb +45 -0
- data/views/repos/show.erb +39 -0
- data/views/spider.erb +372 -0
- data/views/vulns.erb +214 -0
- data/workers/import.rb +96 -0
- data/workers/install_repo.rb +40 -0
- data/workers/masscan.rb +135 -0
- data/workers/nmap.rb +216 -0
- data/workers/purge_repos.rb +40 -0
- data/workers/recon.rb +95 -0
- data/workers/remove_repo.rb +40 -0
- data/workers/spider.rb +148 -0
- data/workers/update_repo.rb +42 -0
- data/workers/update_repos.rb +40 -0
- data/workers/vulns.rb +111 -0
- data/workers.rb +37 -0
- metadata +538 -0
@@ -0,0 +1,19 @@
|
|
1
|
+
<script type="text/javascript" src="/javascript/tabs.js"></script>
|
2
|
+
|
3
|
+
<h1>Build Payload: <%=h @payload.class.id %></h1>
|
4
|
+
|
5
|
+
<form method="post">
|
6
|
+
<% unless @payload.class.params.empty? %>
|
7
|
+
<%= partial :param_fields, object: @payload %>
|
8
|
+
<% end %>
|
9
|
+
|
10
|
+
<div class="field">
|
11
|
+
<button type="submit" class="button is-primary">Build</button>
|
12
|
+
</div>
|
13
|
+
</form>
|
14
|
+
|
15
|
+
<% if @built_payload %>
|
16
|
+
<h2>Built Payload</h2>
|
17
|
+
|
18
|
+
<%= partial :encoding_tabs, string: @built_payload %>
|
19
|
+
<% end %>
|
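Review bot: The `<form method="post">` at line 5 carries no anti-CSRF token field, and neither do the other state-changing forms on this page: the encode form, `/recon`, `/repos/install`, `/repos/update`, and the `_method=DELETE` purge and per-repository update/remove forms. These endpoints build payloads, start recon jobs and install or delete repositories, so a cross-site POST from another page open in the operator's browser is worth ruling out. Whether the application already enforces an origin or token check is not visible in these views. If it does, a template comment such as `<%# CSRF: enforced in <PLACEHOLDER: where the check lives> %>` would document it; otherwise a hidden token input inside each form is the usual fix.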
@@ -0,0 +1,35 @@
|
|
1
|
+
<script type="text/javascript" src="/javascript/tabs.js"></script>
|
2
|
+
|
3
|
+
<h1>Encode Payload: <%=h @encoder.class.id %></h1>
|
4
|
+
|
5
|
+
<form method="post">
|
6
|
+
<div class="field">
|
7
|
+
<label class="label">Data</label>
|
8
|
+
|
9
|
+
<div class="control">
|
10
|
+
<% if @errors && @errors[:data] %>
|
11
|
+
<input class="input is-danger" type="text" name="data" value="<%=hattr params[:data] %>">
|
12
|
+
|
13
|
+
<% @errors[:data].each do |error| %>
|
14
|
+
<p class="help is-danger"><%=h error %></p>
|
15
|
+
<% end %>
|
16
|
+
<% else %>
|
17
|
+
<input class="input" type="text" name="data" placeholder="data to encode" value="<%=hattr params[:data] %>">
|
18
|
+
<% end %>
|
19
|
+
</div>
|
20
|
+
</div>
|
21
|
+
|
22
|
+
<% unless @encoder.class.params.empty? %>
|
23
|
+
<%= partial :param_fields, object: @encoder %>
|
24
|
+
<% end %>
|
25
|
+
|
26
|
+
<div class="field">
|
27
|
+
<button type="submit" class="button is-primary">Encode</button>
|
28
|
+
</div>
|
29
|
+
</form>
|
30
|
+
|
31
|
+
<% if @encoded_data %>
|
32
|
+
<h2>Encoded Data</h2>
|
33
|
+
|
34
|
+
<%= partial :encoding_tabs, string: @encoded_data %>
|
35
|
+
<% end %>
|
@@ -0,0 +1,47 @@
|
|
1
|
+
<h1>Payload Encoder: <%=h @encoder.id %></h1>
|
2
|
+
|
3
|
+
<table class="table">
|
4
|
+
<tbody>
|
5
|
+
<tr>
|
6
|
+
<td><strong>Name:</strong></td>
|
7
|
+
<td>
|
8
|
+
<kbd><%=h @encoder.id %></kbd>
|
9
|
+
</td>
|
10
|
+
</tr>
|
11
|
+
|
12
|
+
<tr>
|
13
|
+
<td><strong>Authors:</strong></td>
|
14
|
+
<td>
|
15
|
+
<%= partial(:authors, authors: @encoder.authors) %>
|
16
|
+
</td>
|
17
|
+
</tr>
|
18
|
+
|
19
|
+
<tr>
|
20
|
+
<td><strong>Summary:</strong></td>
|
21
|
+
<td><%=h @encoder.summary %></td>
|
22
|
+
</tr>
|
23
|
+
|
24
|
+
<tr>
|
25
|
+
<td><strong>Description:</strong></td>
|
26
|
+
<td>
|
27
|
+
<pre><%=h @encoder.description %></pre>
|
28
|
+
</td>
|
29
|
+
</tr>
|
30
|
+
|
31
|
+
<tr>
|
32
|
+
<td><strong>References:</strong></td>
|
33
|
+
<td>
|
34
|
+
<% @encoder.references.each do |reference| %>
|
35
|
+
<p><a href="<%=h reference %>"><%=h reference %></a></p>
|
36
|
+
<% end %>
|
37
|
+
</td>
|
38
|
+
</tr>
|
39
|
+
|
40
|
+
<tr>
|
41
|
+
<td><strong>Params:</strong></td>
|
42
|
+
<td>
|
43
|
+
<%= partial(:params, params: @encoder.params) %>
|
44
|
+
</td>
|
45
|
+
</tr>
|
46
|
+
</tbody>
|
47
|
+
</table>
|
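Review bot: The reference link at line 35, `<a href="<%=h reference %>">`, HTML-escapes the value but does not constrain its URL scheme, so a `javascript:` or `data:` reference would still render as a clickable link. The same line appears at line 35 of the payload view in the next hunk. Encoder and payload metadata can presumably come from third-party repositories installed through `/repos/install`, so it should not be treated as fully trusted. Consider emitting the anchor only when the reference starts with `http://` or `https://`, printing it as plain text otherwise, and adding `rel="noopener noreferrer"` to the link.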
@@ -0,0 +1,47 @@
|
|
1
|
+
<h1>Payload: <%=h @payload.id %></h1>
|
2
|
+
|
3
|
+
<table class="table">
|
4
|
+
<tbody>
|
5
|
+
<tr>
|
6
|
+
<td><strong>Name:</strong></td>
|
7
|
+
<td>
|
8
|
+
<kbd><%=h @payload.id %></kbd>
|
9
|
+
</td>
|
10
|
+
</tr>
|
11
|
+
|
12
|
+
<tr>
|
13
|
+
<td><strong>Authors:</strong></td>
|
14
|
+
<td>
|
15
|
+
<%= partial(:authors, authors: @payload.authors) %>
|
16
|
+
</td>
|
17
|
+
</tr>
|
18
|
+
|
19
|
+
<tr>
|
20
|
+
<td><strong>Summary:</strong></td>
|
21
|
+
<td><%=h @payload.summary %></td>
|
22
|
+
</tr>
|
23
|
+
|
24
|
+
<tr>
|
25
|
+
<td><strong>Description:</strong></td>
|
26
|
+
<td>
|
27
|
+
<pre><%=h @payload.description %></pre>
|
28
|
+
</td>
|
29
|
+
</tr>
|
30
|
+
|
31
|
+
<tr>
|
32
|
+
<td><strong>References:</strong></td>
|
33
|
+
<td>
|
34
|
+
<% @payload.references.each do |reference| %>
|
35
|
+
<p><a href="<%=h reference %>"><%=h reference %></a></p>
|
36
|
+
<% end %>
|
37
|
+
</td>
|
38
|
+
</tr>
|
39
|
+
|
40
|
+
<tr>
|
41
|
+
<td><strong>Params:</strong></td>
|
42
|
+
<td>
|
43
|
+
<%= partial(:params, params: @payload.params) %>
|
44
|
+
</td>
|
45
|
+
</tr>
|
46
|
+
</tbody>
|
47
|
+
</table>
|
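--- a/data/views/queue.erb
+++ b/data/views/queue.erb
@@ -0,0 +1,28 @@
+<h1>Currently running jobs</h1>
+
+<% @workers.each do |worker| %>
+<div class="box">
+<div>
+<div>
+<h2 class="my-0"><%= worker[:class] %></h2>
+<p class="mb-0"><strong>QUEUE:</strong> <%= worker[:queue] %></p>
+
+<p>
+<strong>ARGUMENTS:</strong>
+<% worker[:args].each do |arg| %>
+<% arg.each do |key, value| %>
+<strong><%= key %></strong>: <kbd><%= value %></kbd>
+<% end %>
+<% end %>
+</p>
+
+<hr>
+<div class="columns">
+<div class="column is-one-third py-0"><strong>Created at:</strong> <%= worker[:created_at] %></div>
+<div class="column is-one-third py-0"><strong>Enqueued at:</strong> <%= worker[:enqueued_at] %></div>
+<div class="column is-one-third py-0"><strong>Run at:</strong> <%= worker[:run_at] %></div>
+</div>
+</div>
+</div>
+</div>
+<% end %>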
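Review bot: Lines 7, 8, 14 and 21–23 print `worker[:class]`, `worker[:queue]`, the argument `key`/`value` pairs and the timestamps with a bare `<%= ... %>`, while the other views on this page consistently use `<%=h ... %>`. Job arguments presumably carry the submitted form parameters (scope, targets, repository URIs). Unless the template engine is configured to auto-escape, which is not visible here, markup in a submitted value would be rendered as HTML on the queue page. Suggest `<strong><%=h key %></strong>: <kbd><%=h value %></kbd>` and the same `h` on the other outputs.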
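--- a/data/views/recon.erb
+++ b/data/views/recon.erb
@@ -0,0 +1,55 @@
+<h1>Recon</h1>
+
+<form id="recon" action="/recon" method="post">
+<div class="field">
+<label class="label is-required">Scope</label>
+
+<div class="control">
+<% if @errors && @errors[:scope] %>
+<textarea class="textarea is-danger" name="scope" required><%=h params[:scope] %></textarea>
+
+<% @errors[:scope].each do |error| %>
+<p class="help is-danger"><%=h error %></p>
+<% end %>
+<% else %>
+<textarea class="textarea" name="scope" placeholder="example.com, www.example.com, *.example.com, 192.168.1.1, 192.168.1.0/24, https://example.com, ..." required><%=h params[:scope] %></textarea>
+<% end %>
+</div>
+</div>
+
+<div class="field">
+<label class="label">Ignore</label>
+
+<div class="control">
+<% if @errors && @errors[:ignore] %>
+<textarea class="textarea is-danger" name="ignore"><%=h params[:ignore] %></textarea>
+
+<% @errors[:ignore].each do |error| %>
+<p class="help is-danger"><%=h error %></p>
+<% end %>
+<% else %>
+<textarea class="textarea" name="ignore" placeholder="example.com, www.example.com, *.example.com, 192.168.1.1, 192.168.1.0/24, https://example.com, ..."><%=h params[:ignore] %></textarea>
+<% end %>
+</div>
+</div>
+
+<div class="field">
+<button type="submit" class="button is-primary">Recon</button>
+</div>
+
+<div class="field">
+<label class="label">Max Depth</label>
+
+<div class="control">
+<% if @errors && @errors[:max_depth] %>
+<input class="input is-danger" type="text" name="max_depth" value="<%=hattr params[:max_depth] %>">
+
+<% @errors[:max_depth].each do |error| %>
+<p class="help is-danger"><%=h error %></p>
+<% end %>
+<% else %>
+<input class="input" type="text" name="max_depth" placeholder="3" value="<%=hattr params[:max_depth] %>">
+<% end %>
+</div>
+</div>
+</form>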
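Review bot: The submit button block at lines 36–38 sits before the Max Depth field at lines 40–54, so the form's last option renders below the Recon button; this looks like an ordering slip rather than intent. Moving the `<div class="field">` that holds the button to just before `</form>` would match the other forms on this page. The error branches for `scope` and `ignore` (lines 9 and 25) also drop the `placeholder` that the non-error branches carry, unlike the `uri` input in the repository install form, which keeps it in both branches.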
@@ -0,0 +1,30 @@
|
|
1
|
+
<h1>Repositories</h1>
|
2
|
+
|
3
|
+
<% @repos.each do |repo| %>
|
4
|
+
<p>
|
5
|
+
<a href="/repos/<%=h repo.name %>">
|
6
|
+
<%=h repo.name %>
|
7
|
+
</a>
|
8
|
+
</p>
|
9
|
+
<% end %>
|
10
|
+
|
11
|
+
<div class="field is-grouped">
|
12
|
+
<div class="control">
|
13
|
+
<a href="/repos/install">
|
14
|
+
<button class="button is-primary">Install</button>
|
15
|
+
</a>
|
16
|
+
</div>
|
17
|
+
|
18
|
+
<div class="control">
|
19
|
+
<form action="/repos/update" method="POST">
|
20
|
+
<button type="submit" class="button is-primary">Update</button>
|
21
|
+
</form>
|
22
|
+
</div>
|
23
|
+
|
24
|
+
<div class="control">
|
25
|
+
<form action="/repos" method="POST">
|
26
|
+
<input type="hidden" name="_method" value="DELETE">
|
27
|
+
<button type="submit" class="button is-danger">Purge</button>
|
28
|
+
</form>
|
29
|
+
</div>
|
30
|
+
</div>
|
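Review bot: Line 5 builds the link as `href="/repos/<%=h repo.name %>"` with `h`, while the repository detail view later on this page uses `hattr` for the same value inside an attribute (`action="/repos/<%=hattr @repo.name %>/update"`); neither percent-encodes the name as a path segment. If a repository name can contain `/`, `?`, `#` or spaces (the name validation is not visible here), the link and the update/remove form actions would resolve to a different route than intended. Suggest using one attribute-context helper throughout and URL-encoding the name before interpolating it into the path. Separately, lines 13–15 nest a `<button>` inside an `<a>`, which is invalid HTML; `<a class="button is-primary" href="/repos/install">Install</a>` avoids it.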
@@ -0,0 +1,45 @@
|
|
1
|
+
<h1>nmap</h1>
|
2
|
+
|
3
|
+
<form action="/repos/install" method="post">
|
4
|
+
<div class="field">
|
5
|
+
<label class="label is-required">URI</label>
|
6
|
+
|
7
|
+
<div class="control">
|
8
|
+
<% if @errors && @errors[:uri] %>
|
9
|
+
<input class="input is-danger" type="text" name="uri" placeholder="https://example.com/path/to/repo.git OR git@example.com:path/to/repo.git" value="<%=hattr params[:uri] %>">
|
10
|
+
|
11
|
+
<% @errors[:uri].each do |error| %>
|
12
|
+
<p class="help is-danger"><%=h error %></p>
|
13
|
+
<% end %>
|
14
|
+
<% else %>
|
15
|
+
<input class="input" type="text" name="uri" placeholder="https://example.com/path/to/repo.git OR git@example.com:path/to/repo.git" value="<%=hattr params[:uri] %>">
|
16
|
+
<% end %>
|
17
|
+
</div>
|
18
|
+
</div>
|
19
|
+
|
20
|
+
<div class="advanced">
|
21
|
+
<a class="advanced-toggle">Advanced Options</a>
|
22
|
+
|
23
|
+
<div class="advanced-content">
|
24
|
+
<div class="field">
|
25
|
+
<label class="label">Name</label>
|
26
|
+
|
27
|
+
<div class="control">
|
28
|
+
<% if @errors && @errors[:name] %>
|
29
|
+
<input class="input is-danger" type="text" name="name" placeholder="foo-bar" value="<%=hattr params[:name] %>">
|
30
|
+
|
31
|
+
<% @errors[:name].each do |error| %>
|
32
|
+
<p class="help is-danger"><%=h error %></p>
|
33
|
+
<% end %>
|
34
|
+
<% else %>
|
35
|
+
<input class="input" type="text" name="name" placeholder="foo-bar" value="<%=hattr params[:name] %>">
|
36
|
+
<% end %>
|
37
|
+
</div>
|
38
|
+
</div>
|
39
|
+
</div>
|
40
|
+
</div>
|
41
|
+
|
42
|
+
<div class="field">
|
43
|
+
<button type="submit" class="button is-primary">Install</button>
|
44
|
+
</div>
|
45
|
+
</form>
|
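Review bot: The heading at line 1 reads `<h1>nmap</h1>`, but this form posts to `/repos/install` and collects a repository URI and name, so the title appears to be a leftover from the nmap view. Suggest `<h1>Install Repository</h1>`. Because the submitted `uri` is presumably handed to a job that fetches the repository, a short template comment stating which URI forms the server-side validation accepts would help reviewers; that validation is not visible in this hunk.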
@@ -0,0 +1,39 @@
|
|
1
|
+
<h1>Repository: <%=h @repo.name %></h1>
|
2
|
+
|
3
|
+
<table class="table">
|
4
|
+
<tbody>
|
5
|
+
<tr>
|
6
|
+
<td><strong>Name:</strong></td>
|
7
|
+
<td><%=h @repo.name %></td>
|
8
|
+
</tr>
|
9
|
+
|
10
|
+
<tr>
|
11
|
+
<td><strong>URL:</strong></td>
|
12
|
+
<td><%=h @repo.url %></td>
|
13
|
+
</tr>
|
14
|
+
|
15
|
+
<tr>
|
16
|
+
<td><strong>Files:</strong></td>
|
17
|
+
<td>
|
18
|
+
<% @repo.list_files.each do |file| %>
|
19
|
+
<p><%=h file %></p>
|
20
|
+
<% end %>
|
21
|
+
</td>
|
22
|
+
</tr>
|
23
|
+
</tbody>
|
24
|
+
</table>
|
25
|
+
|
26
|
+
<div class="field is-grouped">
|
27
|
+
<div class="control">
|
28
|
+
<form action="/repos/<%=hattr @repo.name %>/update" method="POST">
|
29
|
+
<button type="submit" class="button is-primary">Update</button>
|
30
|
+
</form>
|
31
|
+
</div>
|
32
|
+
|
33
|
+
<div class="control">
|
34
|
+
<form action="/repos/<%=hattr @repo.name %>" method="POST">
|
35
|
+
<input type="hidden" name="_method" value="DELETE">
|
36
|
+
<button type="submit" class="button is-danger">Remove</button>
|
37
|
+
</form>
|
38
|
+
</div>
|
39
|
+
</div>
|